[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: replica and ssl

To: Quanah Gibson-Mount <quanah@stanford.edu>
Subject: Re: replica and ssl
From: Michael Ströder <michael@stroeder.com>
Date: Sat, 18 Dec 2004 18:29:32 +0100
Cc: Ottavio Campana <ottavio@campana.vi.it>, openldap-software@OpenLDAP.org
In-reply-to: <35E7C7447DE86ADABCA645FE@cadabra-dsl.stanford.edu>
References: <41C3F208.4000503@campana.vi.it> <35E7C7447DE86ADABCA645FE@cadabra-dsl.stanford.edu>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040913

Quanah Gibson-Mount wrote:
>
> You could leave it on port 389, use TLS, and be just as secure.

Quanah please be precise here: You are probably referring to StartTLS extended operation sent over an existing LDAP connection. SSLv3 or TLSv1 is an encryption protocol above the transport layer encryption.

BTW: I see some security benefits when using LDAPS URIs over StartTLS ext. op. You don't have to set another config parameter to make use of SSL or TLS mandantory. But your mileage may vary.

Ciao, Michael.

References:
- replica and ssl
  - From: Ottavio Campana <ottavio@campana.vi.it>
- Re: replica and ssl
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: Re: problem with db_stat
Next by Date: Re: problem running TLS with ldap 2.2.17
Index(es):
- Chronological
- Thread